CVE-2025-34502

High CVSS: 7.0

Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboot. This weakness allows long-term firmware tampering that survives power cycles. The vendor indicates that more recent firmware updates strengthen update-chain integrity and disable physical update ports to mitigate related attack avenues.

Vendor

Product

CWE

CWE-1326

Yayın Tarihi

2025-10-24 23:15:46

Güncelleme

2025-10-27 13:20:15

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-1326 HIGH 2025

Referanslar

https://www.ioactive.com/wp-content/uploads/2025/05/IOActive-card-shuffler-security.pdf https://www.vulncheck.com/advisories/shuffle-master-deck-mate-2-missing-secure-boot